The SEC_CONFIG bit disables/enables the secure boot feature. When it is intact, any code can be executed. When it is blown, the security mode is on, and only signed and authorized code can be executed. Once been blown, it cannot be turned back/overridden during normal operation.